On 8/4/05, Ed White <[EMAIL PROTECTED]> wrote: > Is there any plan to use x86 cpus rings (0..3) to improve OpenBSD security?
/usr/src/sys/arch/i386/i386/machdep.c has: #if defined(I486_CPU) || defined(I586_CPU) || defined(I686_CPU) /* * On a 486 or above, enable ring 0 write protection. */ if (cpu_class >= CPUCLASS_486) lcr0(rcr0() | CR0_WP); #endif and sys_machdep.c does checks to ensure that the LDT only has user descriptors in ring 3. From my x86 assembly days, I found that I never used ring 1 or 2, and it seems to be the same way with OpenBSD. Unneccessarily complexities with little or no added security benefits. -- Jon Simola Systems Administrator ABC Communications